Google Chrome before 4.0.211.0 cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security (HSTS) includeSubDomains feature, aka a "cookie forcing" issue.
2011-08-09T19:55:01.153
2025-04-11T00:51:21.963
Deferred
CVSSv2: 5.8 (MEDIUM)
AV:N/AC:M/Au:N/C:N/I:P/A:P
8.6
4.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | chrome | ≤ 3.0.195.38 | Yes | |
| Application | chrome | 0.1.38.1 | Yes | |
| Application | chrome | 0.1.38.2 | Yes | |
| Application | chrome | 0.1.38.4 | Yes | |
| Application | chrome | 0.1.40.1 | Yes | |
| Application | chrome | 0.1.42.2 | Yes | |
| Application | chrome | 0.1.42.3 | Yes | |
| Application | chrome | 0.2.149.27 | Yes | |
| Application | chrome | 0.2.149.29 | Yes | |
| Application | chrome | 0.2.149.30 | Yes | |
| Application | chrome | 0.2.152.1 | Yes | |
| Application | chrome | 0.2.153.1 | Yes | |
| Application | chrome | 0.3.154.0 | Yes | |
| Application | chrome | 0.3.154.3 | Yes | |
| Application | chrome | 0.4.154.18 | Yes | |
| Application | chrome | 0.4.154.22 | Yes | |
| Application | chrome | 0.4.154.31 | Yes | |
| Application | chrome | 0.4.154.33 | Yes | |
| Application | chrome | 1.0.154.36 | Yes | |
| Application | chrome | 1.0.154.39 | Yes | |
| Application | chrome | 1.0.154.42 | Yes | |
| Application | chrome | 1.0.154.43 | Yes | |
| Application | chrome | 1.0.154.46 | Yes | |
| Application | chrome | 1.0.154.48 | Yes | |
| Application | chrome | 1.0.154.52 | Yes | |
| Application | chrome | 1.0.154.53 | Yes | |
| Application | chrome | 1.0.154.59 | Yes | |
| Application | chrome | 1.0.154.64 | Yes | |
| Application | chrome | 1.0.154.65 | Yes | |
| Application | chrome | 2.0.156.1 | Yes | |
| Application | chrome | 2.0.157.0 | Yes | |
| Application | chrome | 2.0.157.2 | Yes | |
| Application | chrome | 2.0.158.0 | Yes | |
| Application | chrome | 2.0.159.0 | Yes | |
| Application | chrome | 2.0.169.0 | Yes | |
| Application | chrome | 2.0.169.1 | Yes | |
| Application | chrome | 2.0.170.0 | Yes | |
| Application | chrome | 2.0.172 | Yes | |
| Application | chrome | 2.0.172.2 | Yes | |
| Application | chrome | 2.0.172.8 | Yes | |
| Application | chrome | 2.0.172.27 | Yes | |
| Application | chrome | 2.0.172.28 | Yes | |
| Application | chrome | 2.0.172.30 | Yes | |
| Application | chrome | 2.0.172.31 | Yes | |
| Application | chrome | 2.0.172.33 | Yes | |
| Application | chrome | 2.0.172.37 | Yes | |
| Application | chrome | 2.0.172.38 | Yes | |
| Application | chrome | 3.0.182.2 | Yes | |
| Application | chrome | 3.0.190.2 | Yes | |
| Application | chrome | 3.0.193.2 | Yes | |
| Application | chrome | 3.0.195.2 | Yes | |
| Application | chrome | 3.0.195.21 | Yes | |
| Application | chrome | 3.0.195.24 | Yes | |
| Application | chrome | 3.0.195.25 | Yes | |
| Application | chrome | 3.0.195.27 | Yes | |
| Application | chrome | 3.0.195.32 | Yes | |
| Application | chrome | 3.0.195.33 | Yes | |
| Application | chrome | 3.0.195.36 | Yes | |
| Application | chrome | 3.0.195.37 | Yes |